Penetration Testing mailing list archives
Re: [PEN-TEST] Wanted: info on JetDirect security test procs?
From: "Grunberg, Jeffrey" <jeff.grunberg () PURCHASE EDU>
Date: Fri, 6 Oct 2000 19:53:22 -0400
I've done some playing around with jet direct boxes and found something that may be useful in the future...You can telnet to port 9100, and just start typing (end with a CTRL-D or just disconnect) and sends raw text straight to the printer that's connected...I'm guessing that you've tried printed via ftping and then using "put filename"...You can also check out http://www.securityfocus.com/vdb/bottom.html?vid=1491 ...It's a cheap little DoS attack via ftp for certain firmwares... - [jeff] -----Original Message----- From: Costa, Andrew [mailto:Andrew.Costa () CITIZENSBANK COM] Sent: Friday, October 06, 2000 1:57 PM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] Wanted: info on JetDirect security test procs? I have found what I believe to be some flaws in our implementation of HP JetDirect IP-based printing. I have been playing w/telnet & FTP, which have exposed some security holes, but would like to know if there is a comprehensive checklist of sorts that outlines known vulnerabilities, etc. Thanks, Andrew Costa
Current thread:
- [PEN-TEST] Wanted: info on JetDirect security test procs? Costa, Andrew (Oct 06)
- Re: [PEN-TEST] Wanted: info on JetDirect security test procs? Shetron, Richard (Oct 07)
- Re: [PEN-TEST] Wanted: info on JetDirect security test procs? Mark Teicher (Oct 09)
- <Possible follow-ups>
- Re: [PEN-TEST] Wanted: info on JetDirect security test procs? Grunberg, Jeffrey (Oct 07)
- Re: [PEN-TEST] Wanted: info on JetDirect security test procs? Shetron, Richard (Oct 07)